naggie / dsnet

FAST command to manage a centralised wireguard VPN. Think wg-quick but quicker: key generation + address allocation.
https://calbryant.uk/blog/how-to-set-up-a-wireguard-vpn-in-minutes-with-dsnet/
MIT License

Add CLI option to regenerate existing peer. #47

Closed f-koehler closed 3 years ago

f-koehler commented 3 years ago

Dear @naggie,

I really quite enjoy your dsnet tool. I started something similar in Python with some different ideas f-koehler/wgmgr but seeing that this tool already has some traction and is nicely portable thanks to Go, I decided to use it instead from now on.

However, I was missing an option to regenerate the config for an existing peer. In this PR I outline how one could implement it (pardon the code, it's the first Go I've ever written). Please let me know what you think.

Best regards, @f-koehler

naggie commented 3 years ago

I'm glad you like it!

Thanks for the idea @f-koehler -- the problem is the private keys are deliberately discarded on the server for security; keeping the private keys would defeat the purpose of the public key crypto.

We could, however, add a regenerate command which would re-key a given client; I've been removing then adding peers in the past.

f-koehler commented 3 years ago

Oh I did not even realize that they were not included.

I like your idea about regenerating the peer instead. I will modify the code accordingly.

naggie commented 3 years ago

Great thanks, I'd be happy to add that.

f-koehler commented 3 years ago

@naggie, I updated the PR accordingly.

I renamed the subcommand to regenerate and it now generates a new keypair for the peer. For completeness also the PSK is regenerated (in case the peer was breached and the PSK cannot be considered secret anymore). The global config also gets updated and the tunnel device reconfigured.

Let me know if something's still off.

naggie commented 3 years ago

Excellent, thanks @f-koehler -- seems fine at first glance. I'll test it tonight and merge.

naggie commented 3 years ago

Tried it, works very well. I think it needs a confirmation like the add/remove commands though. I'll add that after merge.
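
The re-keying discussed in this thread, as an added example that is not part of the thread and not dsnet's own code: a peer gets a fresh keypair and PSK, the server record keeps only the public key and PSK, and the private key is handed back once. `Peer`, `Secrets`, `PublicFrom` and `Regenerate` are hypothetical names, and the sample peer is constructed.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

var enc = base64.StdEncoding // WireGuard keys are base64 of 32 raw bytes
// Peer is a hypothetical server-side record; it has no private key field.
type Peer struct{ Hostname, PublicKey, PresharedKey string }
// Secrets go to the client once and are never written to the server config.
type Secrets struct{ PrivateKey, PresharedKey string }

// PublicFrom derives the base64 X25519 public key from raw private key bytes.
func PublicFrom(private []byte) (string, error) {
	key, err := ecdh.X25519().NewPrivateKey(private) // rejects anything but 32 bytes
	if err != nil {
		return "", err
	}
	return enc.EncodeToString(key.PublicKey().Bytes()), nil
}

// Regenerate re-keys one peer in place: new keypair and new PSK.
func Regenerate(peers []Peer, hostname string) (Secrets, error) {
	for i := range peers {
		if peers[i].Hostname == hostname {
			buf := make([]byte, 64) // 32-byte private key + 32-byte PSK
			if _, err := rand.Read(buf); err != nil {
				return Secrets{}, err
			}
			buf[0], buf[31] = buf[0]&248, buf[31]&127|64 // clamp as wg genkey does
			pub, err := PublicFrom(buf[:32])
			if err != nil {
				return Secrets{}, err
			}
			// Only the public key and the PSK stay on the server.
			peers[i].PublicKey, peers[i].PresharedKey = pub, enc.EncodeToString(buf[32:])
			return Secrets{enc.EncodeToString(buf[:32]), peers[i].PresharedKey}, nil
		}
	}
	return Secrets{}, fmt.Errorf("no such peer: %s", hostname)
}

func main() {
	peers := []Peer{{"laptop", "old-public-key", "old-psk"}} // constructed sample
	_, err := Regenerate(peers, "laptop")
	fmt.Println(peers[0], err)
}
```

Because the old public key and PSK are overwritten, the peer's previous client config stops working as soon as the tunnel device is reconfigured.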